WebSphere® Application Server provides a
pre-configured token, the Security Context Token (SCT). Use the administrative
console to modify the configuration of the security context token
provider.
Before you begin
WebSphere Application Server provides a
trust service. The trust service provides both a security token service
and additional WebSphere Application Server trust-related
functionality. To configure the trust service, in addition to managing
the security context token provider, you must first complete the following
tasks:
- Create or manage supported targets. You can create explicit assignments
for new service endpoints (targets) or manage endpoints that have
a security token provider explicitly assigned or that inherit the
token provider designated as the Trust Service default.
- Create or manage the attachment of token operations for service
endpoints to policy sets and bindings.
The order in which you complete these tasks is not important.
About this task
This task describes how to configure the security context
token provider and how to define the token provider properties.
Procedure
- To configure the security context token provider, click Services >
Trust services > Token providers.
- To change the configuration of the security context token
provider, click the link for the token provider name (Security Context
Token). For an existing token, the token name, class name
and URI are displayed, but are not editable.
- Optional: In the Time in cache after expiration field,
change the amount of time, in minutes, that an expired token
is kept in the cache and can still be renewed.
The default value is 120 minutes, and you cannot type a value
that is less than 10 minutes.
- Optional: In the Token timeout field, change the amount
of time, in minutes, that an issued token is valid.
The default value is 120 minutes, and you cannot type a value
that is less than 10 minutes.
- Optional: Select the Allow renewal after
timeout check box to enable renewal of a token after its
timeout has expired. If selected, the amount of time
within which an expired token can still be renewed is specified in
the Time in cache after expiration field.
- Optional: Select the Allow postdated tokens check
box to enable postdated tokens. This setting
specifies whether a client can request a token that becomes valid at a
later time.
- Optional: Select the Support Secure Conversation
Token v200502 check box to enable use of the older draft submission
specification level of the security context token. The
correct URI for this level of the token type schema appears in the
field under the check box: http://schemas.xmlsoap.org/ws/2005/02/sc/sct.
- Click New if you want to define a new custom property.
Specify additional configuration using the Custom Properties setting.
Custom properties are used to set internal system configuration properties.
Custom properties are arbitrary name-value pairs of data, where the
name might be a property key or a class implementation, and where
the value might be a string or Boolean value.
- If defining a new custom property, type a name.
For example, for a custom property, type: com.ibm.wsspi.wssecurity.trust.keySize
- If defining a new custom property, type a value.
For example, the following value: 128
- Repeat the name and value steps for each new custom
property.
- Click OK. You are returned to the Token
provider panel.
- Save your changes before applying the changes to the Web
Services Security runtime configuration.
- On the Token provider panel, click Update Runtime to
update the Web Services Security runtime configuration with any data
changes for token providers, trust service attachments, and targets.
Whether the confirmation window is displayed depends on whether
you select the Show confirmation for update runtime command check
box. Expand Preferences to view the check box.
- Optional: Confirm or click Cancel when
the confirmation window appears. If you deselected the Show
confirmation for update runtime command check box, all changes
are made immediately without displaying the confirmation window.
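The following Python sketch is an added example, not IBM code and not part of the original page. It models how the Token timeout, Time in cache after expiration, Allow renewal after timeout and Allow postdated tokens settings from the procedure combine into the window in which a token is valid or renewable. The class, method and state names are hypothetical, the check box defaults are assumptions, and treating the exact timeout minute as expired is a modeling choice.

```python
from dataclasses import dataclass

MIN_MINUTES = 10  # the console rejects smaller values in both time fields


@dataclass
class SctProviderSettings:
    """Hypothetical model of the console fields; not a WebSphere API."""
    token_timeout: int = 120            # Token timeout (minutes, default 120)
    cache_after_expiration: int = 120   # Time in cache after expiration (default 120)
    # Check box defaults below are assumptions of this model, not from the page.
    allow_renewal_after_timeout: bool = False
    allow_postdated: bool = False

    def validate(self):
        """Return the names of fields that violate the 10-minute minimum."""
        fields = (("Token timeout", self.token_timeout),
                  ("Time in cache after expiration", self.cache_after_expiration))
        return [name for name, minutes in fields if minutes < MIN_MINUTES]

    def renewal_deadline(self, valid_from=0):
        """Minute (exclusive) up to which the token can still be renewed."""
        expires = valid_from + self.token_timeout
        if self.allow_renewal_after_timeout:
            return expires + self.cache_after_expiration
        return expires

    def state(self, now, issued_at=0, valid_from=None):
        """Classify a token at minute `now`; all times are minutes on one clock."""
        start = issued_at if valid_from is None else valid_from
        if start > issued_at and not self.allow_postdated:
            return "rejected"            # postdated request, feature disabled
        if now < start:
            return "not-yet-valid"
        if now < start + self.token_timeout:
            return "valid"
        if now < self.renewal_deadline(start):
            return "expired-renewable"   # timed out, still in the renewal window
        return "expired"


if __name__ == "__main__":
    defaults_with_renewal = SctProviderSettings(allow_renewal_after_timeout=True)
    for minute in (0, 119, 120, 239, 240):
        print(minute, defaults_with_renewal.state(minute))
```

In this model, the two 120-minute defaults with renewal after timeout enabled keep a token renewable for 240 minutes after it becomes valid, which is the window to weigh when choosing these values.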
Results
You have completed the required steps to modify the configuration
of the security context token provider and to update the Web Services
Security runtime configuration. You can also modify the configuration
of the security context token provider for the trust service using
the wsadmin tool. The wsadmin tool examples are written in the Jython
scripting language.
What to do next
If you have not done so already, you must also configure
targets or configure attachments to complete the trust service configuration.